Privacy Policy
Last updated: February 15, 2026
The Short Version
- We don't sell your data. Not to advertisers, not to data brokers, not to anyone.
- We don't use patient data to train AI. Your clinical notes and patient information stay yours.
- We encrypt everything. Data in transit and at rest. Always.
- We sign BAAs. For Practice and Group plans, we'll sign a HIPAA Business Associate Agreement.
- You can export and delete. Your data, your choice.
What Data ChronoDent Collects
Practice Account Data
When you sign up, we collect your name, email, practice name, and billing information (processed via Stripe — we don't store credit card numbers).
Clinical Notes & Patient Records
The clinical notes you enter, probing depths, treatment plans, AI-generated summaries, risk scores, and any documents you upload. This is Protected Health Information (PHI) under HIPAA.
Patient Portal Data
Patient names, email addresses, and the care plans/documents you choose to share with them via the portal.
Usage Data
How you use ChronoDent — which features, how often, basic device/browser info. We use this to improve the product, not to profile you.
How We Use Your Data
To run ChronoDent: Generate AI summaries from your clinical notes, calculate risk scores, render heatmaps, power the patient portal, process payments.
To improve the product: Aggregate, anonymized usage patterns help us understand which features work and which need improvement. We don't look at your actual patient data for this.
To communicate with you: Account notifications, billing receipts, product updates. No spam, no selling your email to marketers.
AI and Your Data
We do not use your patient data to train our AI models. When you click "Generate AI Draft," your clinical notes are sent to our AI provider (currently using enterprise-grade LLM APIs) to generate that specific summary. The data is not retained by the AI provider for training. Each generation is a one-time transaction.
HIPAA Compliance
ChronoDent is designed to help dental practices meet HIPAA requirements:
- Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256).
- Access Controls: Role-based permissions. Team members only see what they need.
- Audit Logs: We track who accessed what patient records and when.
- BAA Available: For Practice and Group plans, we sign Business Associate Agreements.
- Secure Infrastructure: Hosted on SOC 2 compliant cloud infrastructure with regular security assessments.
Note: ChronoDent provides tools to help you comply with HIPAA, but compliance also depends on how your practice uses the platform and your own policies.
Who We Share Data With
No one, for marketing or advertising. We don't sell data. Period.
Service providers: Stripe (payments), cloud hosting, AI inference providers — all under strict data processing agreements. They process data on our behalf, not for their own purposes.
Your patients: When you approve a care plan and share it via the patient portal, that patient can see what you've shared. You control what gets shared.
Legal requirements: If required by valid legal process (subpoena, court order), we may have to disclose data. We'll notify you if legally permitted.
Data Retention
Active accounts: We retain your data while your account is active.
After cancellation: We keep data for 30 days in case you reactivate, then delete it. You can request immediate deletion.
Legal requirements: Dental records often have legal retention requirements (varies by state, typically 7-10 years). You're responsible for maintaining your own records outside ChronoDent if needed for legal compliance.
Your Rights
Access: You can export all your data anytime from Settings.
Correction: You can edit patient records and account information directly in ChronoDent.
Deletion: You can delete individual patient records or your entire account.
Portability: Export your data in standard formats (CSV, PDF).
For patients: Contact your dental provider to request access to or deletion of your records. They control your data in ChronoDent.
Security Measures
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Secure password hashing (bcrypt/scrypt)
- Regular security audits and penetration testing
- SOC 2 compliant cloud infrastructure
- Automatic session timeout and re-authentication
- Rate limiting and brute-force protection
Changes to This Policy
If we make significant changes, we'll notify you by email and update the date at the top. Continued use after changes means you accept the updated policy.
Contact
Privacy questions: privacy@chronodent.ai
General support: support@chronodent.ai